Samsung has released an urgent security update for Galaxy smartphones after discovering active attacks targeting devices running Android 13 or newer.
The vulnerability, identified as CVE-2025-21043, was reported by WhatsApp and allows attackers to run malicious code on affected devices through a memory flaw in an image-parsing library.
The issue affects a wide range of Galaxy phones, including the Galaxy S25 and S25 Ultra, and is similar to a zero-day vulnerability that targeted iPhones last month.
Samsung confirmed that the exploit has been seen “in the wild” and urged users to install the patch as soon as it becomes available.
The vulnerability lies in third-party image-handling software called libimagecodec.quram. Experts warn that because WhatsApp is installed on nearly all Galaxy devices, the app provides a large attack surface for hackers.
Samsung’s update is being rolled out by model, region, and carrier, so not all users will receive it immediately.
Security specialists advise installing the update and restarting devices as soon as it is available to reduce the risk of exploitation.